Computer Security is vitally important to the success of any 21st century firm. However the integrity of computer security has been greatly compromised in recent years and hackers have found creative ways to invade computer systems. The purpose of this paper is to assess how vendor's solutions enable organizations to better meet their overall business goals and strategies. We will also discuss the security of several vendors, which include www.requisite.com, www.ariba.com, and www.trade-ranger.com.Let's begin by discussing the computer security threats that vendors face.
Computer Security Threats
With the advent of the Internet, vendors have encountered monumental problems with the security of their networks. According to a whitepaper published by AirDefense, the most severe threats to computer security involve wireless LAN's. The whitepaper explains that wireless LAN's create a security challenge because,
Without proper security measures for authentication and encryption any laptop with a wireless card can connect with the network or stealthily eavesdrop on all network traffic across various access points." (Wireless LAN Security)
When hackers gain access to these points they can create internal and external problems for vendors. Internal problems include Rogue WLAN's, accidental associations, and insecure network configurations. Rogue WLAN's create a problem for vendors because they allow staff to conceal their access points to wire-side sniffers by setting the access point to reflect the same MAC address of the laptop. In addition, Rogue WLAN's can also be used internally to disturb ad hoc networks. Ad hoc networks can allow unauthorized users access to the system that can then use this access to enter the entire system of the vendor. (Wireless LAN Security)
Another internal problem associated with Wireless LAN's is accidental association. Accidental associations occur when "a neighboring company across the street or on adjacent floors of the building operates a wireless Lan that emanates a strong RF signal that bleeds over into your building space." (Wireless LAN Security) This allows the LAN friendly operating system to associate with the systems of your wireless users. This association can expose passwords and sensitive information. In addition, accidental associations can cause two systems to become a single system. (Wireless LAN Security)
The final internal problem that wireless LAN's can produce is insecure network configurations. These insecure configurations involve companies that use Virtual Private Networks. VPN's often have default settings which contain open broadcasts of SSID's, poor encryption, passwords and poor authentication.. (Wireless LAN Security) These access points can easily be reconfigured to serve the purposes of a hacker.
Wireless LAN Security)
External problems created by wireless LAN's include Identity theft, espionage and eavesdropping, and evolving attacks. Of these three, identity theft has become one of the most prevalent external problems. Identity theft often involves getting personal identification numbers of SSIDs and MACs which give the hacker access to the entire system. The hacker can then steal sensitive information about users or clients including credit card number and bank account information.
Another external problem involves espionage and eavesdropping. Through poorly secured wireless LAN's which are broadcast over radio waves hackers can find unencrypted messages. They can use these messages to expose vendors to corporate espionage. (Wireless LAN Security)
The final external threat comes from evolving attacks. Evolving attacks involve man in the middle and denial of service attacks. (Wireless LAN Security) These attacks are usually performed by more sophisticated hackers and can shut down networks and reek havoc upon VPN's. (Wireless LAN Security)
How Vendor's solutions to these problems enable organizations to better meet their overall business goals and strategies
According to AirDefense there are several solutions that can be used to combat the problems associated with wireless LAN's. Among these solutions are Remote Sensors and server appliances, and Differentiating technologies. (Wireless LAN Security) The whitepaper also asserts that these solutions combat rogue wireless LAN's and insecure network configurations, Mac Spoofing and Identity theft, Denial of service attacks, and man in the middle attacks. (Wireless LAN Security)
Air Defense asserts that the Remote Sensors solution that it provides "sits near 802.11 access points to monitor all WLAN activities and report back to the server appliance, which analyses the traffic in real time." (Wireless LAN Security) The remote sensor performs several tasks including 24-hour monitoring of AWLN activities, coverage of up to 40,000 sq feet of office space, they are centrally managed, and they report to a back end server. (Wireless LAN Security) Server appliances also perform several tasks including enforcing WLAN policies, detecting hackers and threats to the system, providing a secure web based interface, and responds to network misconfigurations, policy violations and attacks. (Wireless LAN Security)
AirDefense has also created differentiating technology. The differentiating technology solutions that AirDefense provides are critical to the success of any Wireless LAN security system. The article explains that the differentiating technology involves supplying,
Stateful monitoring of the airwaves... Stateful means that AirDefense provides continuous monitoring of the "state" of communication between all access points and stations transmitting on the airwaves. With a minute by minute account of all WLAN traffic, intruders are immediately recognized, attacks are quickly detected, and appropriate steps can be taken to secure the network." (Wireless LAN Security)
The solutions that AirDefense provides enable organizations to better meet their overall business goals and strategies by allowing them to see problems with the system before they occur. This allows the company to take preventative measures that will be less costly to fix than having to fix problems caused by an actual attack. The remote sensors and server appliances enable companies to monitor their systems all day-everyday. This eliminates cost associated with problems that occur when a system is not being monitored.
The differentiating technology allows organizations to make sense of all the information that is being provided to them. In doing this organizations are able to determine what information is malignant and what information is benign. Companies are also able to secure the network in a timely fashion. The ability to act immediately is so important because it reduces the possibility that information will be stolen from the system and used in a malice manner.
These solutions allow companies to create definite business plans which enable them to meet business goals. For instance, many businesses have goals such as having a secure internal system or ensuring customer privacy. The solutions created by AirDefense allow these organizations to secure their internal and external systems to make them less vulnerable. They also enable organizations to ensure that costumers' financial information will be secure on their networks.
In addition, many organizations have adapted business strategies for which a secure wireless LAN is essential. Such organizations may endeavor to allow employees to telecommute (work from home). The possibility of being able to work from home is an attractive prospect for many employees. However, it creates an additional network security problem for most employers. If organizations want to offer this option to employees they must be certain that the network is secure and minimize the capabilities of hackers.
Will Vendors Remain Secure
According to the requisite technologies website the company enables buyers and suppliers to collaborate. The company has several solutions to enable clients to do this, including; business consulting, technical consulting, technical support and business consulting. The security of this vendor could be greatly jeopardized because it provides both internal and business to business solutions. The security of business to business solutions can be compromised because there are two different networks that have to be accessed. These networks have to communicate with one another to track shipments and monitor inventory. This could create a problem because one of the systems may be more vulnerable to attack than the other; which can grant the hacker with access to the organization that is more secure. In short, it creates a backdoor for hackers to walk into.
In my opinion requisite.com may have a difficult time maintaining the integrity of its system. The company must adopt solutions that focus more on security issues concerning wireless LAN's.
Ariba specializes in spend management solutions. It offers procurement solutions, analysis solutions, sourcing solutions, strategy solutions and supplier management solutions. The company aims to "help companies realize key business objectives across the ESM process and achieve significant, sustainable spend reductions." (Solutions Overview) It seems that this vendor will not be as affected by the problems that were discussed in the whitepaper. This vendor deals more with internal solutions and business strategies. It doesn't seem that the company will have to deal with the same security issues that were made evident by the whitepaper and it seems that the vendor will remain secure.
Trade-ranger is a business to business public market place which engages in transactions in the petrochemical and energy industry. There are several businesses that utilize the services provided by trade-ranger. These corporations include; Hess, the Mitsubishi corporation, Dow, Conoco, Shell and Motiva Enterprises. (Welcome to trade-ranger) The company provides content management, invoicing and trading completely over the internet. (Welcome to trade-ranger) Out of the three companies that we have reviewed trade-ranger is the most susceptible. Not…